VMware Cloud Community
marcushueller
Contributor
Contributor
‎02-10-2008 11:19 PM

HA in DMZ (AAMClient) with less ports possible?

Hello Community!

We are looking for how to secure access in DMZ with VI3 for external companies we integrate in our environment. We plan to use HA as well. The AAMClient uses incoming AND outgoing ports (for tcp AND udp) from 2050 to 5000. Is there a way to reduce the number of ports?

Thank you!

Marcus

Reply
0 Kudos
3 Replies
rpartmann
Hot Shot
Hot Shot
‎02-11-2008 01:49 AM

Hi,

there are different ways which should work.

1.) create a secon COS within the DMZ and lock everything out except 902,903 for VI Client

2.) allow only ESX-nnn and VC access to each other and well defined IP´s

for example in this thread we closed the SSH on a secondary COS port.

hth,

Reinhard.

ps: Award points if you find answers helpful. Thanks.

ps: Award points if you find answers helpful. Thanks.
Reply
Rodos
Expert
Expert
‎02-11-2008 02:44 AM

Are you putting the ESX hosts into the DMZ or do you simply have VM's who need to reside in a DMZ network (vlan).

You can vlan the DMZ in through your physical production nics and the HA traffic does not need to flow anywhere near your DMZ or firewalls.

Considering awarding points if this is of use

Rodos {size:10px}{color:gray}Consider the use of the helpful or correct buttons to award points. Blog: http://rodos.haywood.org/{color}{size}
Reply
0 Kudos
marcushueller
Contributor
Contributor
‎02-11-2008 07:15 AM

Hello Rodos,

we want to put the Service Console Ports into a secured Management Area (DMZ 1) near the VC server. The host should serve different VMs in various DMZs (DMZ 2 to DMZ xx).

Regards, Marcus

Reply
0 Kudos